Disable-PSTrace

Understanding the Disable-PSTrace Cmdlet in PowerShell

Welcome back to Wahmans Powershell blog! Today we are exploring the Disable-PSTrace cmdlet: a lesser-known but powerful tool in the PowerShell arsenal. This cmdlet is part of the diagnostics toolkit available for PowerShell and provides a way to disable the Microsoft-Windows-PowerShell event provider logs.

What Does Disable-PSTrace Do?

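The Disable-PSTrace cmdlet, part of the PSDiagnostics module, disables the Analytic and Debug logs of the Microsoft-Windows-PowerShell event provider. These logs record diagnostic detail about PowerShell operations, which is useful for troubleshooting and analyzing system behavior, but in production environments or performance-sensitive systems you may want to turn them off. The cmdlet does not change the Microsoft-Windows-PowerShell/Operational log, which is where script block logging and other security-relevant PowerShell events are written; that log should stay enabled.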

Let’s go through four examples, from beginner to more advanced use cases.

Example 1: Disabling PowerShell Logging Simplified

If you want to disable the PowerShell event provider trace logs on your system, simply run the following from an elevated PowerShell session:

Disable-PSTrace

This single command will turn off the logging, helping reduce unnecessary noise in systems where you no longer need these logs.

Example 2: Check Logging Status Before Disabling

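Before disabling logging, you might want to check if it’s even enabled. Query the two trace logs that Disable-PSTrace controls:

# The "enabled:" field in the output shows whether each trace log is on
wevtutil get-log "Microsoft-Windows-PowerShell/Analytic"
wevtutil get-log "Microsoft-Windows-PowerShell/Debug"

If either log reports enabled: true and is gathering events you no longer need, you can proceed with disabling: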

Disable-PSTrace

Example 3: Disable-PSTrace as Part of a Deployment Script

When deploying systems using automation, you may want to disable the trace logs as part of your initial configuration script:

if ($env:IsDeployment -eq "true") {
    Disable-PSTrace
    Write-Host "PowerShell tracing disabled in deployment stage."
}

This makes sure the trace logs aren’t filled with startup or configuration noise during scripted deployment.

Example 4: Re-enable Logging Later (Advanced)

Though Disable-PSTrace only disables logging, you can pair it with Enable-PSTrace to toggle tracing on and off as needed, for example during diagnostics:

function Toggle-PSTrace {
    param(
        [Parameter(Mandatory)]
        [ValidateSet("Enable", "Disable")]
        [string]$Action
    )

    if ($Action -eq "Enable") {
        Enable-PSTrace
        Write-Host "PowerShell Trace Logging Enabled"
    } elseif ($Action -eq "Disable") {
        Disable-PSTrace
        Write-Host "PowerShell Trace Logging Disabled"
    }
}

# Usage:
Toggle-PSTrace -Action Enable
Start-Sleep -Seconds 60
Toggle-PSTrace -Action Disable

This function can be useful in scripts that do temporary diagnostic logging or verification steps.
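The toggle pattern above leaves tracing on if the diagnostic step throws before the final call. The following is an added example, not code from the original post, that wraps the diagnostic step in try/finally and confirms afterwards that the Operational log is still enabled; the function names Get-PSLogState and Invoke-WithPSTrace and the sample script block are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example; Get-PSLogState and Invoke-WithPSTrace are hypothetical names.
$TraceLogs      = 'Microsoft-Windows-PowerShell/Analytic',
                  'Microsoft-Windows-PowerShell/Debug'
$OperationalLog = 'Microsoft-Windows-PowerShell/Operational'

function Get-PSLogState {
    # One row per PowerShell provider log with its enabled state.
    foreach ($name in @($OperationalLog) + $TraceLogs) {
        $log = Get-WinEvent -ListLog $name -ErrorAction Stop
        [pscustomobject]@{ LogName = $log.LogName; IsEnabled = $log.IsEnabled }
    }
}

function Invoke-WithPSTrace {
    param([Parameter(Mandatory)][scriptblock]$ScriptBlock)

    Import-Module PSDiagnostics -ErrorAction Stop
    # Only toggle if tracing was fully off at entry; otherwise leave it alone.
    $wasTracing = @(Get-PSLogState |
        Where-Object { $_.LogName -in $TraceLogs -and $_.IsEnabled }).Count -gt 0
    try {
        if (-not $wasTracing) { Enable-PSTrace -Force }
        & $ScriptBlock
    }
    finally {
        # Runs even if the script block throws, so tracing is never left on.
        if (-not $wasTracing) { Disable-PSTrace }
        $after = @(Get-PSLogState)
        $op = $after | Where-Object { $_.LogName -eq $OperationalLog }
        if (-not $op.IsEnabled) {
            Write-Warning "$OperationalLog is disabled; PowerShell operational events are not being recorded."
        }
        $after | Format-Table -AutoSize | Out-Host
    }
}

# Constructed usage: trace a short diagnostic action, then restore state.
Invoke-WithPSTrace -ScriptBlock { Get-Date | Out-Null }
```

The final table gives a record of the log state after the run, which is worth capturing in deployment output so that a disabled Operational log is noticed.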

Conclusion

The Disable-PSTrace cmdlet gives you direct control over PowerShell diagnostic logs. Whether you’re tuning performance, simplifying your event logs, or writing infrastructure automation, it’s worth keeping in mind when managing log verbosity.

Happy scripting, and I will see you in the next post!
